Vulnerabilites related to dlink - dir-880l_firmware
cve-2017-14948
Vulnerability from cvelistv5
Published
2019-10-14 17:03
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/badnack/d_link_880_bug/blob/master/README.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:42:22.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-14T17:03:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14948", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", refsource: "MISC", url: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14948", datePublished: "2019-10-14T17:03:25", dateReserved: "2017-09-29T00:00:00", dateUpdated: "2024-08-05T19:42:22.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20213
Vulnerability from cvelistv5
Published
2020-01-02 01:03
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-02T01:03:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20213", datePublished: "2020-01-02T01:03:16", dateReserved: "2020-01-02T00:00:00", dateUpdated: "2024-08-05T02:39:09.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20675
Vulnerability from cvelistv5
Published
2019-01-09 00:00
Modified
2024-09-17 01:21
Severity ?
EPSS score ?
Summary
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.765Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T00:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20675", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", refsource: "MISC", url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20675", datePublished: "2019-01-09T00:00:00Z", dateReserved: "2019-01-08T00:00:00Z", dateUpdated: "2024-09-17T01:21:23.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20674
Vulnerability from cvelistv5
Published
2019-01-09 00:00
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T00:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20674", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", refsource: "MISC", url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20674", datePublished: "2019-01-09T00:00:00Z", dateReserved: "2019-01-08T00:00:00Z", dateUpdated: "2024-09-16T20:32:52.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29322
Vulnerability from cvelistv5
Published
2021-06-04 19:39
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | D-Link Router DIR-880L |
Version: 1.07 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "D-Link Router DIR-880L", vendor: "n/a", versions: [ { status: "affected", version: "1.07", }, ], }, ], datePublic: "2020-08-18T00:00:00", descriptions: [ { lang: "en", value: "The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "Hardcoded Credentials", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-04T19:39:00", orgId: "ee1bbb37-1770-46bd-bba8-910037954ee0", shortName: "CSW", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "disclose@cybersecurityworks.com", ID: "CVE-2020-29322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "D-Link Router DIR-880L", version: { version_data: [ { version_value: "1.07", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Hardcoded Credentials", }, ], }, ], }, references: { reference_data: [ { name: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", refsource: "MISC", url: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ee1bbb37-1770-46bd-bba8-910037954ee0", assignerShortName: "CSW", cveId: "CVE-2020-29322", datePublished: "2021-06-04T19:39:00", dateReserved: "2020-11-27T00:00:00", dateUpdated: "2024-08-04T16:48:01.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17621
Vulnerability from cvelistv5
Published
2019-12-30 16:09
Modified
2025-02-04 20:34
Severity ?
EPSS score ?
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:47:13.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-17621", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:33:59.746115Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-06-29", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:34:06.306Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-22T18:06:22.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-17621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", refsource: "MISC", url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { name: "https://www.dlink.com/en/security-bulletin", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { name: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17621", datePublished: "2019-12-30T16:09:17.000Z", dateReserved: "2019-10-16T00:00:00.000Z", dateUpdated: "2025-02-04T20:34:06.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6530
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2025-02-04 20:36
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.174Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-6530", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:36:36.248676Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-08", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:36:49.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00.000Z", descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6530", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6530", datePublished: "2018-03-06T20:00:00.000Z", dateReserved: "2018-02-02T00:00:00.000Z", dateUpdated: "2025-02-04T20:36:49.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-6563
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/40805/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.kb.cert.org/vuls/id/677427 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/94130 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2016/Nov/38 | mailing-list, x_refsource_FULLDISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:36:28.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "40805", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40805/", }, { name: "VU#677427", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/677427", }, { name: "94130", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94130", }, { name: "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2016/Nov/38", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DIR-823", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-822", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-818L(W)", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-895L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-890L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-885L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-880L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-868L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, { product: "DIR-850L", vendor: "D-Link", versions: [ { status: "unknown", version: "N/A", }, ], }, ], datePublic: "2016-11-07T00:00:00", descriptions: [ { lang: "en", value: "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-14T09:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "40805", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40805/", }, { name: "VU#677427", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/677427", }, { name: "94130", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94130", }, { name: "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2016/Nov/38", }, ], source: { discovery: "UNKNOWN", }, title: "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-6563", STATE: "PUBLIC", TITLE: "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "DIR-823", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-822", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-818L(W)", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-895L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-890L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-885L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-880L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-868L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, { product_name: "DIR-850L", version: { version_data: [ { affected: "?", version_affected: "?", version_value: "N/A", }, ], }, }, ], }, vendor_name: "D-Link", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "40805", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40805/", }, { name: "VU#677427", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/677427", }, { name: "94130", refsource: "BID", url: "http://www.securityfocus.com/bid/94130", }, { name: "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2016/Nov/38", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-6563", datePublished: "2018-07-13T20:00:00", dateReserved: "2016-08-03T00:00:00", dateUpdated: "2024-08-06T01:36:28.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-01-09 00:29
Modified
2024-11-21 04:01
Severity ?
Summary
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822-us_firmware | * | |
| dlink | dir-822-us | - | |
| dlink | dir-850l_firmware | * | |
| dlink | dir-850l | - | |
| dlink | dir-850l_firmware | * | |
| dlink | dir-850l_firmware | 2.22b02 | |
| dlink | dir-850l | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l_firmware | 1.20b01 | |
| dlink | dir-880l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DCBEAD7-2C7B-43FC-9352-B520F31035EE", versionEndIncluding: "3.10b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "820E41C7-8D99-4B71-8C6E-9064E5173168", versionEndIncluding: "3.10b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*", matchCriteriaId: "670ED1ED-F14F-45F6-BE40-F3F1B1ED853F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E47C6FC0-783C-4D65-9F26-0E2C2E288936", versionEndIncluding: "1.21b07", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", matchCriteriaId: "607DDB44-0E4E-4606-8909-B624345688D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE9D7484-AB7F-4276-BAEF-C0D6AC698123", versionEndIncluding: "2.21b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*", matchCriteriaId: "92FF706E-89F6-47BA-988D-A78B7AD1FAC0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", matchCriteriaId: "607DDB44-0E4E-4606-8909-B624345688D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CF193C4-D65C-4708-83A4-7D1859B1E978", versionEndIncluding: "1.07.b08", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*", matchCriteriaId: "678EA257-C88B-4447-A318-C2F799D57A46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.", }, { lang: "es", value: "Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permiten la omisión de autenticación.", }, ], id: "CVE-2018-20675", lastModified: "2024-11-21T04:01:58.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-09T00:29:00.240", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-14 18:15
Modified
2024-11-21 03:13
Severity ?
Summary
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/badnack/d_link_880_bug/blob/master/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/badnack/d_link_880_bug/blob/master/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | - | |
| dlink | dir-868l | - | |
| dlink | dir-890l_firmware | - | |
| dlink | dir-890l | - | |
| dlink | dir-885l_firmware | - | |
| dlink | dir-885l | - | |
| dlink | dir-895l_firmware | 1.13b03 | |
| dlink | dir-895l | - | |
| dlink | dir-880l_firmware | 1.08b04 | |
| dlink | dir-880l | - | |
| dlink | dir-895r_firmware | 1.13b03 | |
| dlink | dir-895r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "26512943-D705-484D-B9EA-BF401606DFA3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0BCCA2BB-4577-402C-88B5-F8E10770CA35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3441E49F-C21B-4B68-89AD-BD46E8D88638", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:1.13b03:*:*:*:*:*:*:*", matchCriteriaId: "8AC402D8-0279-49B0-BB77-23B036A400C9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:1.08b04:*:*:*:*:*:*:*", matchCriteriaId: "75AEBC09-E4B8-46D6-BD72-5AB4522B732A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:1.13b03:*:*:*:*:*:*:*", matchCriteriaId: "65C3BB4D-EEBE-4B06-9C4D-6181D66CB905", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.", }, { lang: "es", value: "Ciertos productos de D-Link se ven afectados por: Desbordamiento de búfer. Esto afecta a DIR-880L 1.08B04 y DIR-895 L/R 1.13b03. El impacto es: ejecutar código arbitrario (remoto). El componente es: htdocs/fileaccess.cgi. El vector de ataque es: una petición HTTP diseñada manejada por fileacces.cgi podría permitir que un atacante realice un ataque ROP: si el campo de encabezado HTTP CONTENT_TYPE comienza con ''boundary='' seguido de más de 256 caracteres, se desencadenará un desbordamiento de búfer, potencialmente causando la ejecución del código.", }, ], id: "CVE-2017-14948", lastModified: "2024-11-21T03:13:49.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-14T18:15:10.263", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/badnack/d_link_880_bug/blob/master/README.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - |
{ cisaActionDue: "2022-09-29", cisaExploitAdd: "2022-09-08", cisaRequiredAction: "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.", cisaVulnerabilityName: "D-Link Multiple Routers OS Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9B68DE-D3A7-4973-9D47-7203B2190F82", versionEndIncluding: "reva_firmware_patch_1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro service.", }, ], id: "CVE-2018-6530", lastModified: "2025-02-04T21:15:16.167", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-03-06T20:29:00.987", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Severity ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, { lang: "es", value: "Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php.", }, ], id: "CVE-2019-20213", lastModified: "2024-11-21T04:38:13.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-02T14:16:36.533", references: [ { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-13 20:29
Modified
2024-11-21 02:56
Severity ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
| cret@cert.org | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-823_firmware | - | |
| dlink | dir-823 | - | |
| dlink | dir-822_firmware | - | |
| dlink | dir-822 | - | |
| dlink | dir-818l\(w\)_firmware | - | |
| dlink | dir-818l\(w\) | - | |
| dlink | dir-895l_firmware | - | |
| dlink | dir-895l | - | |
| dlink | dir-890l_firmware | - | |
| dlink | dir-890l | - | |
| dlink | dir-885l_firmware | - | |
| dlink | dir-885l | - | |
| dlink | dir-880l_firmware | - | |
| dlink | dir-880l | - | |
| dlink | dir-868l_firmware | - | |
| dlink | dir-868l | - | |
| dlink | dir-850l_firmware | - | |
| dlink | dir-850l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818l\\(w\\)_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4312D87E-181E-423A-90A1-C6F16AD58458", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818l\\(w\\):-:*:*:*:*:*:*:*", matchCriteriaId: "3A208284-D9A8-4B97-A975-E7AF0D7110A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2E62F905-D226-463C-8BA9-201E8B0165FD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0BCCA2BB-4577-402C-88B5-F8E10770CA35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3441E49F-C21B-4B68-89AD-BD46E8D88638", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "52A89607-6CBB-4197-AF08-8A52FA73F703", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "26512943-D705-484D-B9EA-BF401606DFA3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E72B76AE-8D5C-4FAD-A7FC-303CB0670C98", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", matchCriteriaId: "607DDB44-0E4E-4606-8909-B624345688D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.", }, { lang: "es", value: "El procesamiento de mensajes SOAP mal formados al realizar la acción de inicio de sesión HNAP provoca un desbordamiento de búfer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L.", }, ], id: "CVE-2016-6563", lastModified: "2024-11-21T02:56:21.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-13T20:29:01.003", references: [ { source: "cret@cert.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Nov/38", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94130", }, { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40805/", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/677427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2016/Nov/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40805/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/677427", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "cret@cert.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-09 00:29
Modified
2024-11-21 04:01
Severity ?
Summary
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822-us_firmware | * | |
| dlink | dir-822-us | - | |
| dlink | dir-850l_firmware | * | |
| dlink | dir-850l | - | |
| dlink | dir-850l_firmware | * | |
| dlink | dir-850l_firmware | 2.22b02 | |
| dlink | dir-850l | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l_firmware | 1.20b01 | |
| dlink | dir-880l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DCBEAD7-2C7B-43FC-9352-B520F31035EE", versionEndIncluding: "3.10b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "820E41C7-8D99-4B71-8C6E-9064E5173168", versionEndIncluding: "3.10b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*", matchCriteriaId: "670ED1ED-F14F-45F6-BE40-F3F1B1ED853F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E47C6FC0-783C-4D65-9F26-0E2C2E288936", versionEndIncluding: "1.21b07", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", matchCriteriaId: "607DDB44-0E4E-4606-8909-B624345688D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE9D7484-AB7F-4276-BAEF-C0D6AC698123", versionEndIncluding: "2.21b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*", matchCriteriaId: "92FF706E-89F6-47BA-988D-A78B7AD1FAC0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*", matchCriteriaId: "607DDB44-0E4E-4606-8909-B624345688D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9CF193C4-D65C-4708-83A4-7D1859B1E978", versionEndIncluding: "1.07.b08", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*", matchCriteriaId: "678EA257-C88B-4447-A318-C2F799D57A46", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution.", }, { lang: "es", value: "Los dispositivos D-Link que utilizan determinadas versiones (las DIR-822 C1 anteriores a la v3.11B01Beta, las DIR-822-US C1 anteriores a la v3.11B01Beta, las DIR-850L A* anteriores a la v1.21B08Beta, las DIR-850L B* anteriores a la v2.22B03Beta y las DIR-880L A* anteriores a la v1.20B02Beta) permiten la ejecución de comando remotos.", }, ], id: "CVE-2018-20674", lastModified: "2024-11-21T04:01:58.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-09T00:29:00.210", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10101", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-04 20:15
Modified
2024-11-21 05:23
Severity ?
Summary
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| disclose@cybersecurityworks.com | https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-880l_firmware | 1.07 | |
| dlink | dir-880l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:1.07:*:*:*:*:*:*:*", matchCriteriaId: "A4FD495C-1D16-4A14-9517-23AA481A9A54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.", }, { lang: "es", value: "El router D-Link DIR-880L versión 1.07, es vulnerable a una divulgación de credenciales en el servicio telnet mediante la descompilación del firmware, lo que permite a un atacante no autenticado conseguir acceso al firmware y extraer datos confidenciales", }, ], id: "CVE-2020-29322", lastModified: "2024-11-21T05:23:54.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-04T20:15:07.657", references: [ { source: "disclose@cybersecurityworks.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html", }, ], sourceIdentifier: "disclose@cybersecurityworks.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-30 17:15
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823_firmware | 1.00b06 | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869_firmware | 1.03b02 | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l_firmware | 1.11b01 | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r_firmware | 1.11b01 | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{ cisaActionDue: "2023-07-20", cisaExploitAdd: "2023-06-29", cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", cisaVulnerabilityName: "D-Link DIR-859 Router Command Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*", matchCriteriaId: "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*", matchCriteriaId: "AF693676-C580-44CF-AAC6-6E38658FEAFB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "4C18C9D9-9418-441B-9367-91F86137245C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, { lang: "es", value: "La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local.", }, ], id: "CVE-2019-17621", lastModified: "2025-02-04T21:15:18.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-12-30T17:15:19.857", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }